Next: About this document ...
Up: Dwun 0.8g
Previous: 11. Recognised signals
  Contents
Have a look at the SECURITY file (part of the dwun distribution) for information
on the security of dwun. This file is to show how to put dwun in a secure environment.
At this stage, usernames and passwords are sent in clear-text. This means they
are potentially vulnerable to sniffing. However, considering the gateway is
the host dwun is almost certainly run on I don't see this as a real problem.
Dwun can happily run as a non-root user provided the following:
- it is able to run the command to connect. This may involve making the pppd binary
setuid root and giving the user access to the serial port.
- it can read its rcfile5.
- it can read/write the authfile5.
- it can write to its pidfile5 and logfiles.
If you wish to chroot dwun, this will be more difficult. You must place the
pppd binary, plus anything needed by the dialup scripts, such as ip-up, ip-down,
/bin/sh, ping plus any libraries that are needed. You can avoid having to include
syslog in the chroot jail by setting dwun to log to a file. The modem serial
device and null must be present in the chrooted /dev.
Next: About this document ...
Up: Dwun 0.8g
Previous: 11. Recognised signals
  Contents
2000-06-15